Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Chapter 8 Configuring the Secure Remote Access Gateway

This chapter describes configuring the Gateway attributes from the Sun Java System Portal Server administration console.

This chapter contains the following sections:

Before you Begin

Configuring the Profile Core Options

This section explains the following tasks:

Configuring the Startup Mode

After installation the Gateway runs in HTTPS mode if you chose that mode during installation. In HTTPS mode the Gateway accepts SSL connections from browsers and rejects non-SSL connections. You can also configure the Gateway to run in HTTP mode, which improves performance because no SSL sessions have to be managed and no traffic has to be encrypted or decrypted. In HTTP mode, however, user credentials, the Portal Server session cookie and all proxied intranet content cross the network in cleartext, so use it only on a network you trust or behind another device that terminates SSL.

Procedure: To Configure the Startup Mode

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab, and click the profile name to modify its attributes.

  3. Select the Core tab.

  4. Modify the following attributes:

    HTTP Connections

    Select the HTTP Connections checkbox to allow Gateway to accept non-SSL connections.

    HTTP Port

    Enter the HTTP port number. The default value is 80.

    HTTPS Connections

    Select the HTTPS Connections checkbox to allow the Gateway to accept SSL connections. By default, this option is selected.

    HTTPS Port

    Enter the HTTPS port number. The default value is 443.


    Note –

    The following attributes can also be set from the command line with psadmin set-attribute (see the Sun Java System Portal Server 7.2 Command-Line Reference). For example, this command sets the sunPortalGatewayDomainsAndRulesets attribute of the gateway profile profileID to the value held in $entry; the value is quoted so that spaces and | characters in it survive shell word splitting, and the password file named by -f must be readable only by the administrative account:

    /space/PS/portal/bin/psadmin set-attribute -u amadmin -f /space/PS/portal/bin/ps_password -p portal1 -m gateway --gateway-profile profileID -a sunPortalGatewayDomainsAndRulesets -A "$entry"

    • sunPortalGatewayDefaultDomainAndSubdomains=Default Domains

    • sunPortalGatewayLoggingEnabled=Enable Logging

    • sunPortalGatewayEProxyPerSessionLogging=Enable per Session Logging

    • sunPortalGatewayEProxyDetailedPerSessionLogging=Enable Detailed per Session Logging

    • sunPortalGatewayNetletLoggingEnabled=Enable Netlet Logging

    • sunPortalGatewayEnableMIMEGuessing=Enable MIME Guessing

    • sunPortalGatewayParserToURIMap=Parser to URI Mappings

    • sunPortalGatewayEnableObfuscation=Enable Masking

    • sunPortalGatewayObfuscationSecretKey=Seed String for Masking

    • sunPortalGatewayNotToObscureURIList=URIs not to Mask

    • sunPortalGatewayUseConsistentProtocolForGateway=Make Gateway Protocol Same as Original URI Protocol

    • sunPortalGatewayEnableCookieManager=Store External Server Cookies

    • sunPortalGatewayMarkCookiesSecure=Mark Cookies as secure


  5. Restart the Gateway from a terminal window:

    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway


    
    

Configuring the Core Components

Netlet enables users to run common TCP/IP services securely over insecure networks such as the Internet. You can run TCP/IP applications (such as Telnet and SMTP), HTTP applications, and any fixed-port application. If Netlet is enabled, the Gateway must determine whether each incoming connection carries Netlet traffic or Portal Server traffic. Disabling Netlet removes this overhead because the Gateway then assumes that all incoming traffic is HTTP or HTTPS. Disable Netlet only if you are sure that no Netlet application will be used with Portal Server.

Procedure: To Configure the Components

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Core tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Netlet 

    Select the Enable checkbox to initiate the Netlet service. By default this option is selected. 

    Proxylet 

    Select the Enable checkbox to initiate the Proxylet service. By default this option is selected. 

  5. Restart the Gateway from a terminal window using the following command options:

    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway

Configuring the Basic Options

About the Cookie Management Attribute

Many web sites use cookies to track and manage user sessions. When the Gateway routes requests to web sites that set cookies in the HTTP header, the Gateway either discards or passes-through those cookies in the following manner:

This setting does not apply to the cookie that Portal Server uses to track Portal Server user sessions; forwarding of that cookie is controlled by the URLs to which User Session Cookie is Forwarded option.

This setting applies to all web sites that the user is permitted to access (that is, you cannot choose to discard cookies from some sites and retain cookies from others).


Note –

Do not remove URLs from the Cookie Domain list, even in a Gateway without cookies. See the Access Manager Administration Guide for information on the Cookie Domain list.


About the HTTP Basic Authentication Attribute

HTTP basic authentication can be set in the Gateway service.

Web sites may be protected with HTTP Basic Authentication, requiring visitors to enter a username and password before viewing the site (the server responds with status 401 and a WWW-Authenticate: Basic header). Portal Server can save the username and password so that users need not re-enter their credentials when they revisit Basic-protected web sites. These credentials are stored in the user profile on the directory server, so the directory must be protected to the same degree as any other password store.

This setting does not determine whether a user may visit Basic-protected sites, only whether the credentials the user enters are saved in the user's profile.

This setting applies to all web sites that the user is permitted to access (that is, HTTP basic authentication caching cannot be enabled for some sites and disabled for others).


Note –

Browsing to URLs served by Microsoft's Internet Information Server (IIS) that are protected by Windows NT challenge/response (HTTP response code 401, WWW-Authenticate: NTLM) instead of Basic authentication is not supported.


You can also enable single sign-on using the Access Control service in the administration console.

About the Portal Servers Attribute

You can configure multiple Portal Servers for the Gateway to service requests. While installing the Gateway, you specified the Portal Server that the Gateway works with, and that Portal Server is listed in the Portal Servers field by default. You can add more Portal Servers to the list in the format http://portal-server-name:port-number. The Gateway contacts the listed Portal Servers in round-robin order to service requests.

About the URLs to Which User Session Cookie is Forwarded Attribute

Portal Server uses a cookie to track user sessions. This cookie is forwarded to the server when the Gateway makes HTTP requests to the server (for example, when the desktop servlet is called to generate the user's desktop page). Applications on the server use the cookie to validate and identify the user.

The Portal Server's cookie is not forwarded with HTTP requests made to machines other than the server, unless URLs on those machines are specified in the URLs to which User Session Cookie is Forwarded list. Adding URLs to this list therefore lets servlets and CGIs on those machines receive the Portal Server's cookie and use the APIs to identify the user. Because the cookie is a bearer credential for the user's session, list only hosts that you trust to handle it.

URLs are matched using an implicit trailing wildcard. For example, the default entry in the list:

http://server:8080

causes the cookie to be forwarded to all URLs starting with http://server:8080.

Adding:

http://newmachine.eng.siroe.com/subdir

causes the cookie to be forwarded to all URLs starting with that exact string.

For this example, the cookie is not forwarded to URLs starting with "http://newmachine.eng/subdir", since that string does not start with the exact string in the forward list. To have the cookie forwarded to URLs starting with this variation of the machine's name, add an additional entry to the forward list.

Similarly, the cookie is not forwarded to URLs starting with "https://newmachine.eng.siroe.com/subdir" unless an appropriate entry is added to the list.
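The matching rule described above, worked through as an added example. This is not Portal Server code: the page states the rule (the cookie goes to every URL that starts with the exact listed string) but not the Gateway's implementation, so the code below reproduces the documented rule and adds the check an administrator would want to run on a candidate list. The forward list and the sample URLs in it are constructed.

```python
"""Prefix matching for the URLs to which User Session Cookie is Forwarded list.

Added example, not Portal Server code: it reproduces the documented rule
(exact-string prefix with an implicit trailing wildcard) and flags entries
whose prefix reaches further than intended.
"""

# Constructed forward list: the default entry plus the example from the text.
FORWARD_LIST = [
    "http://server:8080",
    "http://newmachine.eng.siroe.com/subdir",
]


def cookie_is_forwarded(url, forward_list=FORWARD_LIST):
    """Return True if the Portal Server session cookie is sent with a request to url.

    The documented rule is a plain string-prefix test with no normalization,
    so http:// and https:// entries are distinct, and so are the host names
    newmachine.eng and newmachine.eng.siroe.com.
    """
    return any(url.startswith(entry) for entry in forward_list)


def ambiguous_prefixes(forward_list=FORWARD_LIST):
    """Return the entries whose prefix match reaches beyond the intended path.

    Because the match is on the raw string, 'http://newmachine.eng.siroe.com/subdir'
    also matches 'http://newmachine.eng.siroe.com/subdirectory', and
    'http://server:8080' also matches 'http://server:80801'.  Ending an entry
    with '/' removes both ambiguities, at the cost that the bare origin
    without a path no longer matches.
    """
    return [entry for entry in forward_list if not entry.endswith("/")]


def forwarding_report(urls, forward_list=FORWARD_LIST):
    """Map each URL the Gateway will request to whether the cookie goes with it."""
    return {url: cookie_is_forwarded(url, forward_list) for url in urls}


if __name__ == "__main__":
    sample = [
        "http://server:8080/portal/dt",
        "http://newmachine.eng.siroe.com/subdir/cgi-bin/whoami",
        "http://newmachine.eng/subdir",
        "https://newmachine.eng.siroe.com/subdir",
        "http://newmachine.eng.siroe.com/subdirectory-public/",
    ]
    for url, forwarded in forwarding_report(sample).items():
        print(("forwarded  " if forwarded else "not sent   ") + url)
    print("entries to review:", ambiguous_prefixes())
```

Run the module against the URLs your portal pages and channels actually fetch; any URL reported as forwarded that belongs to a host you did not mean to trust is a list entry to tighten, usually by adding the trailing slash.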

About the Obtain Session from URL Attribute

When the Obtain Session from URL option is selected, session information is encoded as part of the URL whether or not the browser supports cookies, and the Gateway validates the session from the URL rather than from the session cookie sent by the browser. Because the session identifier then appears in every URL, it can be exposed through browser history, proxy and web server logs, and Referer headers sent to other sites, so enable this option only when cookieless clients must be supported.

Procedure: To Configure the Basic Options

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Core tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Cookie Management 

    Select the Enable checkbox to enable cookie management. 

    By default, this option is selected. 

    HTTP Basic Authentication 

    Select the Enable HTTP Basic Authentication checkbox to enable HTTP basic authentication. 

    Portal Servers 

    Enter the Portal Server in the format http://portal-server-name:port-number in the field and click Add.

    Repeat this step to add more Portal Servers to the Portal Servers list. 

    URLs to which User Session Cookie is Forwarded 

    Enter the URL to which User Session Cookie is Forwarded and click Add. 

    Repeat this step to add more URLs to the URLs to which the User Session is Forwarded list. 

    Gateway Minimum Authentication Level 

    Enter the authentication level. 

    By default, an asterisk is added to allow authentication at all levels. 

    Obtain Session from URL 

    Select Yes to retrieve information on a session from a URL. 

    By default, the No option is selected. 

Configuring the Deployment Options

Configuring the Proxy Settings

Procedure: To Configure the Proxy Settings

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Deployment tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

     

    Use Proxy 

    Select the Use Proxy checkbox to enable the usage of web proxies. 

     

    Webproxy URLs 

    Enter the required URL in the Use Webproxy URLs edit box in the format http://hostname.subdomain.com, and then click Add.

    The URL is added to the Use Webproxy URLs list. 

    You can specify that the Gateway contacts certain URLs only through the web proxies listed in the Proxies for Domains and Subdomains list, even if the Use Proxy option is disabled. Specify these URLs in the Use Webproxy URLs field. See Specifying a Proxy to Contact Access Manager for details on how this value affects the usage of proxies.

    Proxies for Domains and Subdomains 

    Enter the proxy information in the following format and click Add. The entry is added to the Proxies for Domains and Subdomains list box.


    domainname proxy1:port1|subdomain1 proxy2:port2|subdomain2 proxy3:port3|* proxy4:port4

    * indicates that the proxy defined after it is used for all domains and subdomains that are not specifically listed. 

    If you do not specify a port for a proxy, port 8080 is used by default. 

    See Specifying a Proxy to Contact Access Manager for details on how the proxy information is applied to various hosts.

    Proxy Password List 

    In the Proxy Password List field, enter the information for each proxy server, and then click Add. 

    The format for entering the proxy information is as follows: 

    proxyserver|username|password

    The proxyserver corresponds to the proxy server defined in the Proxies for Domains and Subdomains list.

    Specify the user name and password that the Gateway uses to authenticate to a proxy server that requires authentication for some or all of the sites it fronts. 

    Automatic Proxy Configuration support 

    Select the Enable Automatic Proxy Configuration Support checkbox to enable PAC support. 

    If you select Enable Automatic Proxy Configuration Support, the information in the Proxies for Domains and Subdomains field is ignored. The Gateway uses the Proxy Automatic Configuration (PAC) file only for intranet configuration. See Using Automatic Proxy Configuration for information on PAC files.

    Automatic Proxy Configuration File location 

    In Location field, enter the name and location of the PAC file. 

     

Configuring the Rewriter Proxy and Netlet Proxy

About Netlet Proxy

The Netlet proxy enhances the security of Netlet traffic between the Gateway and the intranet by extending the secure tunnel from the client, through the Gateway, to the Netlet proxy that resides in the intranet. If the Netlet proxy is enabled, Netlet packets are decrypted by the Netlet proxy and then sent to the destination server, so the firewall between the Gateway and the intranet needs to admit only the connection to the Netlet proxy rather than a port for every destination service. This reduces the number of ports that must be opened in the firewall.

About Rewriter Proxy

The Rewriter proxy secures HTTP traffic between the Gateway and the intranet. If you do not specify a Rewriter proxy, the Gateway makes a direct connection to each intranet machine that a user accesses, so the firewall must allow those connections from the Gateway. The Rewriter proxy does not run automatically after installation; you need to enable it as described below.

Procedure: To Configure the Rewriter Proxy and Netlet Proxy

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.


    Note –

    Ensure that the Rewriter proxy and the Gateway use the same gateway profile.


  3. Select the Deployment tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Rewriter Proxy 

    Select the Rewriter Proxy checkbox to enable the Rewriter proxy service. 

    Rewriter Proxy List 

    1. Enter the host and port in the Rewriter Proxies edit box, in the format hostname:port.


      Tip –

      To determine whether the desired port is free, from the command line enter:

      netstat -an | grep -c "[.:]port-number[[:space:]]"

      port-number is the required port. A result of 0 means that no socket is bound to it. Listing numerically (-an) and anchoring the pattern on the separator before the port and the space after it avoids counting unrelated lines, such as a port that merely contains the same digits (18080 when you are checking 8080).


    2. Click Add.

    Netlet Proxy 

    Select the Enable Netlet Proxy checkbox to enable the Netlet proxy service. 

    Netlet Proxy Hosts 

    1. Enter the Netlet proxy host and port in the Netlet Proxy Hosts field, in the format hostname:port.


      Tip –

      To determine whether the desired port is free, from the command line enter:

      netstat -an | grep -c "[.:]port-number[[:space:]]"

      port-number is the required port. A result of 0 means that no socket is bound to it; see the tip for the Rewriter Proxy List above for why the pattern is anchored.


    2. Click Add.

    Netlet Tunneling via Web Proxy 

    Select the Enable Netlet Tunneling via Web Proxy checkbox to enable tunneling. 

  5. Run portal-server-install-root/SUNWportal/bin/certadmin on the server to create a certificate for the Rewriter proxy.

    You need to do this step only if you have not chosen to create a certificate while installing the Rewriter proxy.

  6. Log in as root to the machine where the Rewriter proxy is installed and start the Rewriter proxy:


    rewriter-proxy-install-root/SUNWportal/bin/rwproxyd -n gateway-profile-name start
  7. Log in as root to the machine where the Gateway is installed and restart the Gateway:


    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway

Configuring the Security Options

Configuring the PDC and Non Authenticated URLs

Procedure: To Configure the PDC and Non Authenticated URLs

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Security tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Certificate-enabled Gateway hosts 

    1. Add the Gateway name to the Certificate-enabled Gateway hosts.

      Add the Gateway in the format host1.sesta.com.

    2. Click Add.

    Non-authenticated URLs 

    You can specify URLs that do not require authentication. These are normally directories that contain images. Anything under a listed path is reachable through the Gateway without a login, so limit the list to static content and never list directories that serve application pages or CGI programs. 

    In the Non-Authenticated URLs field, enter the required folder path in the format folder/subfolder.

    URLs that are not fully qualified (for example, /images) are treated as Portal Server URLs. 

    To add a non-portal URL, enter the fully qualified URL. Click Add to add the entry to the Non-Authenticated URLs list. 

    Trusted SSL Domains 

    In the Trusted SSL Domains field, enter the domain names and click Add. 

Configuring the TLS and SSL Options

Procedure: To Configure the TLS and SSL Options

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Security tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    40-bit Encryption 

    Select this option if you want to allow 40-bit (weak) Secure Sockets Layer (SSL) connections. If you do not select this option, only 128-bit connections are supported. 

    If you disable this option, the user needs to ensure that the browser is configured to support the required connection type. 


    Note –

    The user needs to do the following in the case of Netscape Navigator 4.7x:

    1. Select Security Info under Tools in the Communicator menu.

    2. Click the Navigator link in the left pane.

    3. Click Configure SSL v2 or Configure SSL v3 under Advanced Security (SSL) Configuration.

    4. Enable the required ciphers.


    Null Ciphers 

    Select the Enable Null Ciphers checkbox to allow SSL cipher suites that perform no encryption. A null cipher still authenticates the Gateway and protects message integrity, but the data itself crosses the network in cleartext, so leave this option disabled except for troubleshooting. 

    SSL Cipher Selection 

    Secure Remote Access supports a number of standard ciphers. You can support all the pre-packaged ciphers or select the required ciphers individually, per Gateway instance. The SSL handshake succeeds if the client supports at least one of the selected ciphers, so removing a cipher from the selection is what actually prevents its use. 

    SSL Version 2.0 

    Select the Enable SSL Version 2.0 checkbox to enable SSL 2.0. This option is enabled by default. 

    Disabling SSL 2.0 means that browsers that support only the older SSL 2.0 cannot authenticate to Secure Remote Access. Because SSL 2.0 has known protocol-level weaknesses, disabling it gives a greater level of security and is the recommended setting unless such a legacy browser must be supported. After restarting the Gateway you can confirm from outside the firewall that a disabled version is refused, for example with openssl s_client -connect gateway-host:443 -ssl2 (or -ssl3) from an OpenSSL build that still includes that protocol; the handshake should fail. 

    SSL2 Ciphers 

    Select the Enable SSL Cipher Selection checkbox. 

    You can select the required ciphers from the list of SSL ciphers. 

    SSL Version 3.0 

    Select the Enable SSL Version 3.0 checkbox to enable SSL 3.0. 

    You can enable or disable SSL version 3.0. Disabling SSL 3.0 means that browsers that support only SSL 3.0 cannot authenticate to SRA software. This ensures a greater level of security. 

    SSL3 Ciphers 

    Select the Enable SSL Cipher Selection checkbox. 

    You can select the required ciphers from the list of SSL3 ciphers. 

    TLS Ciphers 

    Select the Enable SSL Cipher Selection checkbox. 

    You can select the required ciphers from the list of TLS ciphers. 

Configuring the Performance Options

Configuring the Timeouts and Retries

Procedure: To Configure the Timeouts and Retries

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Performance tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Server Retry Interval (seconds) 

    Specify the time interval in seconds between the Gateway's attempts to reconnect to the Portal Server, Rewriter proxy, or Netlet proxy after it becomes unavailable (for example, after a crash or because it was brought down). 

    Gateway Timeout (seconds) 

    Specify the time interval in seconds after which the Gateway times out its connection with the browser. 

    Cached Socket Timeout (seconds) 

    Specify the time interval in seconds after which the Gateway times out its connection with the Portal Server. 

Configuring the HTTP Options

Procedure: To Configure the HTTP Options

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Performance tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Maximum Thread Pool Size 

    Specify the maximum number of threads that can be pre-created in the Gateway thread pool. 

    Persistent HTTP Connections 

    Select the Enable Persistent HTTP Connections checkbox to enable persistent HTTP connections. 

    Persistent connections let the Gateway reuse a socket for several requests instead of opening a new socket for every object (such as images and style sheets) in a Web page. 

    Maximum Number of Requests per Persistent Connection 

    Enter the maximum number of requests. 

    Timeout for Persistent Socket Connections (seconds) 

    Enter the required timeout in seconds. 

    Grace Timeout to Account for Turnaround Time (seconds) 

    Enter the required grace timeout in seconds. 

    This is the round-trip allowance for network traffic between the client (browser) and the Gateway, made up of: 

    • the time taken for the request to reach the Gateway after the browser has sent it

    • the time between the Gateway sending the response and the browser actually receiving it

    It depends on factors such as network conditions and the client's connection speed. 

    Maximum Connection Queue Length 

    Specify the maximum number of concurrent connections that the Gateway accepts. 

Monitoring the Secure Remote Access Performance

Monitoring allows administrators to assess the performance of different components of the Secure Remote Access.

Procedure: To Monitor Secure Remote Access Performance

  1. Log in to the Portal Server management console.

  2. Select the Secure Remote Access tab, and click Monitoring in the submenu.

  3. In the Monitoring page, select a proxy instance from the drop-down menu.

  4. Select an attribute in the MBeans table to view performance values.

Configuring the Rewriter Options

Configuring the Basic Options

Procedure: To Configure the Basic Options

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Rewriter tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Rewriting of All URIs 

    Select the Enable Rewriting of All URIs checkbox to make the Gateway rewrite every URL. 

    If you enable this option, Rewriter rewrites any URL without checking it against the Proxies for Domains and Subdomains list; entries in that list are ignored. Every link on a page is then routed through the Gateway whichever host it points to, so enable this only when you intend the Gateway to fetch from all hosts it can reach. 

    URIs Not to Rewrite 

    Add the URI in the edit box. 


    Note –

    Adding #* to this list allows URIs to be rewritten, even when the href rule is part of the ruleset.


Configuring the Map URIs to RuleSets

Rulesets are created in the Rewriter service under Portal Server Configuration in the Portal Server management console. See the Portal Server Administration Guide for details.

After the ruleset is created, you associate a domain with the ruleset using the Map URIs to RuleSets field. The following two entries are added by default to the Map URIs to RuleSets field:

This means that for all pages from the default domain, the default Gateway ruleset is applied. For all other pages, the generic ruleset is applied. The default Gateway ruleset and the generic ruleset are pre-packaged rulesets.


Note –

For all the content appearing on the desktop, the ruleset for the default domain is used, irrespective of where the content is fetched from.

For example, assume that the desktop is configured to scrape the content from the URL yahoo.com. The Portal Server is in sesta.com. The ruleset for sesta.com is applied to the fetched content.



Note –

The domain for which you specify a ruleset must be listed in the Proxies for Domains and Subdomains list.


Procedure: To Configure the Map URIs to RuleSets

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab, and click the profile name to modify its attributes.

  3. Select the Rewriter tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    URI 

    Enter the required domain or host name and the ruleset in the Map URIs to RuleSets field and click Add. 

    The entry is added to the Map URIs to RuleSets field. 

    The format for specifying the domain or host name and the ruleset is as follows: 


    domain-name|ruleset-name

    For example: 


    eng.sesta.com|default

    Note –

    The order of priority for applying the ruleset is hostname-subdomain-domain.

    An example of entries in the Domain-based rulesets list is:


    sesta.com|ruleset1
    eng.sesta.com|ruleset2
    host1.eng.sesta.com|ruleset3
    • ruleset3 is applied for all pages on host1.

    • ruleset2 is applied for all pages in the eng subdomain, except for pages retrieved from host1.

    • ruleset1 is applied for all pages in the sesta.com domain, except for pages retrieved from the eng subdomain, and from host1.
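A resolver for the two host-keyed list formats on this page, the Proxies for Domains and Subdomains entry under Configuring the Proxy Settings and the Map URIs to RuleSets entry above, written as an added example; it is not Portal Server code. The hostname-subdomain-domain priority is what the note above states for rulesets. Applying the same most-specific-suffix rule to the proxy list, and accepting a * fallback entry in the ruleset map as in the proxy list, are assumptions made here, and the proxy hosts and ruleset names are constructed.

```python
"""Resolvers for the two host-keyed lists in the Gateway profile:

  Proxies for Domains and Subdomains   domain proxy:port|subdomain proxy:port|* proxy:port
  Map URIs to RuleSets                 domain-name|ruleset-name  (one entry per line)

Added example, not Portal Server code.  The hostname-subdomain-domain priority
is stated on the page for rulesets; applying the same most-specific-suffix rule
to the proxy list, and using '*' as a fallback entry in both lists, are
assumptions made here.  The proxy hosts and ruleset names are constructed.
"""

DEFAULT_PROXY_PORT = 8080

# Constructed sample values in the page's formats.
PROXY_LIST = "sesta.com proxy1.sesta.com:8888|eng.sesta.com proxy2.sesta.com|* proxy4.sesta.com:3128"
RULESET_MAP = [
    "sesta.com|ruleset1",
    "eng.sesta.com|ruleset2",
    "host1.eng.sesta.com|ruleset3",
]


def _most_specific(host, table):
    """Return table[key] for the longest key that is host itself or a parent
    domain of host, else table['*'] if present, else None.  Matching is on
    whole labels, so 'sesta.com' does not match 'xsesta.com'."""
    host = host.lower().rstrip(".")
    best = None
    for key in table:
        if key != "*" and (host == key or host.endswith("." + key)):
            if best is None or len(key) > len(best):
                best = key
    if best is None:
        return table.get("*")
    return table[best]


def parse_proxy_list(value):
    """Parse the Proxies for Domains and Subdomains string into
    {domain: (proxy_host, port)}; a proxy given without a port gets 8080."""
    table = {}
    for entry in value.split("|"):
        entry = entry.strip()
        if not entry:
            continue
        parts = entry.split(None, 1)  # first whitespace separates domain and proxy
        if len(parts) != 2:
            raise ValueError("expected 'domain proxy[:port]', got %r" % entry)
        domain, proxy = parts
        if ":" in proxy:
            proxy_host, port_text = proxy.rsplit(":", 1)
            port = int(port_text)
        else:
            proxy_host, port = proxy, DEFAULT_PROXY_PORT
        table[domain.lower()] = (proxy_host, port)
    return table


def proxy_for(host, table):
    """Proxy (host, port) the Gateway would use to reach host, or None."""
    return _most_specific(host, table)


def parse_ruleset_map(entries):
    """Parse 'domain-name|ruleset-name' entries into {domain: ruleset}."""
    table = {}
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        domain, sep, ruleset = entry.partition("|")
        if not sep or not ruleset.strip():
            raise ValueError("expected 'domain-name|ruleset-name', got %r" % entry)
        table[domain.strip().lower()] = ruleset.strip()
    return table


def ruleset_for(host, table):
    """Ruleset applied to pages fetched from host, by the priority hostname,
    then subdomain, then domain; None if no entry matches."""
    return _most_specific(host, table)


if __name__ == "__main__":
    proxies = parse_proxy_list(PROXY_LIST)
    rulesets = parse_ruleset_map(RULESET_MAP)
    for h in ("host1.eng.sesta.com", "host2.eng.sesta.com", "www.sesta.com", "www.example.com"):
        print("%-22s proxy=%s ruleset=%s" % (h, proxy_for(h, proxies), ruleset_for(h, rulesets)))
```

Run the module to see which proxy and ruleset each sample host resolves to. A host that resolves to None for a ruleset is one that the Rewriter would handle with whatever default entry the profile carries, and a host that resolves to None for a proxy is one the Gateway would contact directly.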


Configuring the Map Parser to MIME Types

Rewriter has four different parsers to parse the web pages based on the content type - HTML, JAVASCRIPT, CSS and XML. Common MIME types are associated with these parsers by default. You can associate new MIME types with these parsers in the Map Parser to MIME Types field of the Gateway service. This extends Rewriter functionality to other MIME types.

Separate multiple entries with a semicolon or a comma (";" or ",".)

For example:

HTML=text/html;text/htm;text/x-component;text/wml;text/vnd.wap.wml

means that content served with any of these MIME types is sent to the HTML parser and the HTML rules are applied to rewrite its URLs.


Tip –

Removing unnecessary parsers from the MIME mappings list can increase the speed of operation. For example, if you are sure that the content from a certain intranet does not have any JavaScript, you can remove the JAVASCRIPT entry from the MIME mappings list.
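A parser for the Map Parser to MIME Types entry format, with the Content-Type lookup that the mapping exists to serve, as an added example; it is not Rewriter code. The parser names (HTML, JAVASCRIPT, CSS, XML) and the PARSER=type;type,type format are the ones the text gives; the MIME types in SAMPLE_ENTRIES are a constructed sample, not the product defaults, and the handling of a type mapped to two parsers is a choice made here.

```python
"""Parser for Map Parser to MIME Types entries and a Content-Type lookup.

Added example, not Rewriter code.  The parser names and the entry format are
from the text; SAMPLE_ENTRIES is a constructed sample, not the product defaults.
"""

import re

PARSERS = {"HTML", "JAVASCRIPT", "CSS", "XML"}

# Constructed sample of what an administrator might enter in the field.
SAMPLE_ENTRIES = [
    "HTML=text/html;text/htm;text/x-component;text/wml, text/vnd.wap.wml",
    "JAVASCRIPT=application/x-javascript;text/javascript",
    "CSS=text/css",
    "XML=text/xml;application/xml",
]


def parse_mime_map(entries):
    """Return {mime_type: parser} from 'PARSER=type;type,type' entries.

    Semicolons and commas both separate types, surrounding whitespace is
    ignored and MIME types are stored lower-cased.  A type that is mapped to
    two different parsers is rejected, because only one of them could be
    applied and the administrator should decide which.
    """
    mapping = {}
    for entry in entries:
        parser, sep, types = entry.partition("=")
        parser = parser.strip().upper()
        if not sep or parser not in PARSERS:
            raise ValueError("bad entry %r: expected one of %s" % (entry, sorted(PARSERS)))
        for mime in re.split(r"[;,]", types):
            mime = mime.strip().lower()
            if not mime:
                continue  # tolerate 'a;;b' and trailing separators
            if mapping.get(mime, parser) != parser:
                raise ValueError("%s is mapped to both %s and %s" % (mime, mapping[mime], parser))
            mapping[mime] = parser
    return mapping


def parser_for(content_type, mapping):
    """Select the Rewriter parser for a Content-Type header value.

    'text/html; charset=ISO-8859-1' must select HTML, so parameters after the
    first ';' are dropped before the lookup.  None means no parser is mapped
    and the body would pass through the Gateway unrewritten.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    return mapping.get(media_type)


if __name__ == "__main__":
    table = parse_mime_map(SAMPLE_ENTRIES)
    for header in ("text/html; charset=ISO-8859-1", "Text/Vnd.WAP.WML",
                   "application/x-javascript", "application/octet-stream"):
        print("%-32s -> %s" % (header, parser_for(header, table)))
```

Feed parse_mime_map the entries you intend to add before you add them: a Content-Type that your intranet servers actually emit but that resolves to None is content that will reach the browser with its URLs unrewritten.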


Procedure: To Configure the Map Parser to MIME Types

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Rewriter tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Parsers 

    1. In the Map Parser to MIME Types field, add the required MIME type in the Edit box. Use a semicolon or comma to separate multiple entries.

      Specify the entry in the format HTML=text/html;text/htm

    2. Click Add to add the required entry to the list.

Configuring Personal Digital Certificate Authentication

PDCs are issued by a Certification Authority (CA) and signed with the CA's private key. The CA validates the identity of a requesting body before issuing a certificate. Thus the presence of a PDC is a powerful authentication mechanism.

PDCs contain the owner's public key, the owner's name, an expiration date, the name of the Certification Authority that issued the certificate, a serial number, and possibly other information.

Users can authenticate to Portal Server with PDCs and with encoded devices such as Smart Cards and Java Cards, which carry an electronic equivalent of a PDC stored on the card. When a user logs in with one of these mechanisms, no login or authentication screen is displayed.

The PDC authentication process involves the following steps:

  1. From a browser, the user types a connection request, say https://my.sesta.com.

    The response to this request depends on whether the Gateway to my.sesta.com has been configured to accept certificates.


    Note –

    When a Gateway is configured to accept certificates, it accepts only logins with certificates, not any other kind of login.


    The Gateway checks that the certificate was issued by a known Certificate Authority, has not expired, and has not been tampered with. If the certificate is valid, the Gateway lets the user proceed to the next step in the authentication process.

  2. The Gateway passes the certificate to the PDC authentication module in the server.

Procedure: To Configure PDCs and Encoded Devices

  1. Add the following line in the /etc/opt/SUNWam/config/AMConfig.properties file on the Portal Server machine: com.iplanet.authentication.modules.cert.gwAuthEnable=yes.

  2. Import the required certificates into the certificate database of the Gateway that you want to PDC-enable. To configure the certificates, see To import the Root CA certificate on the gateway machine.

  3. Log in to the Access Manager administration console as administrator and do the following:

    1. Select the Identity Management tab and then select an Organization.

    2. Click Services for the Organization from the View drop down menu.

    3. Click Add to register the Certificate service.

  4. From the Access Manager administration console, do the following:

    1. Select the required organization and click the arrow next to Certificate.

    2. In the Trusted Remote Host list box, highlight none and click Remove.

    3. Enter any in the text field and click Add. The value any makes the Certificate module accept certificate information forwarded from every host, so make sure that only the Gateway can reach the Portal Server's authentication URL directly, or list the Gateway host names here instead of any if your deployment allows it.

    4. Click Save.

  5. From the Access Manager administration console, do the following:

    1. Choose the required organization and then select Services from the View drop-down menu.

      The list of services is displayed.

    2. Click the arrow next to the Authentication Configuration core service and then click New.

      The New Service Instance page is displayed.

    3. Enter the service instance name as gatewaypdc.

    4. Click Submit.

      The gatewaypdc Service Instance List is displayed.

    5. Click gatewaypdc to edit the service.

      The gatewaypdc show properties page is displayed.

    6. Click Edit link next to Authentication Configuration and then click Add.

      The Add Module page is displayed.

    7. Choose Cert from the Module Name field and REQUIRED for Enforcement criteria, and then click OK.

    8. Click OK to complete.

  6. From the Access Manager administration console, do the following:

    1. Click the arrow next to Core.

    2. In the Organization Authentication modules list box, select gatewaypdc.

    3. Choose Dynamic from the User Profile drop-down menu.

    4. Click Save to complete.

  7. Log into the Portal Server administration console as administrator and do the following:

    1. Select the Secure Remote Access tab and select the appropriate gateway profile.

    2. Select the Security tab.

    3. In the Certificate-enabled Gateway hosts list box, add the Gateway name.

    4. Click Save.

  8. Restart the Gateway from a terminal window:

    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway

  9. Install the client certificate issued by the CA into the browser that will be used to access the PDC-enabled Gateway.

  10. Install the client certificate into the JVM keystore. On a Windows machine, open the Java control panel from Start > Settings > Control Panel > Java.

    Add the following to the Applet Runtime parameters:

    • -Djavax.net.ssl.keyStore=path-to-keystore

    • -Djavax.net.ssl.keyStorePassword=password

    • -Djavax.net.ssl.keyStoreType=type

    The keystore password is then stored in cleartext in the user's Java runtime settings, so use a keystore that contains only this client certificate.

  11. Access your gateway profile and organization:

    https://gateway:instance-port/YourOrganization

    You should be logged in under the name carried in the certificate, without any prompt for user name and password.

ProcedureTo import the Root CA certificate on the gateway machine

  1. Import the Root CA certificate on the gateway machine.

    1. <Gateway-Install-Dir>/SUNWportal/bin/certadmin -n <gw-profile-name>

      The certadmin menu is displayed.

    2. Select option 3. Enter the path for the certificates.

    For more information, see Chapter 10, Working with Certificates.

  2. Generate a Certificate Signing Request for submitting to the CA.

    1. <Gateway-Install-Dir>/SUNWportal/bin/certadmin -n <gw-profile-name>

      The certadmin menu is displayed.

    2. Select option 2. Enter appropriate information.

    3. Save the file.

  3. Submit the Certificate Signing Request to a CA and get it approved. Save the certificate response after CA signing.

  4. Import the Server Certificate after getting approved by CA.

    1. <Gateway-Install-Dir>/SUNWportal/bin/certadmin -n <gw-profile-name>

      The certadmin menu is displayed.

    2. Select option 4.

    3. Specify the location of the file containing the Server Certificate.

  5. Import the Root CA certificate on the Portal Server machine.

Configuring Gateway Attributes Using the Command Line Options

This section provides the command line options to configure Gateway attributes from the terminal window for the following tasks:

ProcedureTo Manage Storage of External Server Cookies

When the Store External Server Cookies option is enabled, the Gateway stores and manages cookies for any third-party application or server that is accessed through the Gateway. Even if the application or server cannot service cookieless devices, or depends on cookies for state management, the Gateway transparently handles the cookies on the device's behalf, so the application or server never learns that the Gateway is servicing a cookieless device.

For information on cookieless devices and client detection, see the Access Manager Customization and API Guide.

    Type the following command and press Enter to manage storage of external server cookies.

    • To enable:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a CookieManagement true

    • To disable:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a CookieManagement false

    • To get attribute value:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a CookieManagement

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Enable Marking Cookies as Secure

When a cookie is marked as secure, the browser treats the cookie with additional security. The implementation of security depends on the browser. The Enable Cookie Management attribute must be enabled for this to work.

    Type the following command and press Enter to mark cookies as secure.

    • To enable:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MarkCookiesSecure true

    • To disable:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MarkCookiesSecure false

    • To get the attribute value:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MarkCookiesSecure

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Create List of URLs for Proxies Not to be Used

The Gateway tries to connect directly to the URLs listed in the Do Not Use Webproxy URLs list. A webproxy is not used to connect to these URLs.

    Type the following command and press Enter to manage URLs for proxies not to be used.


    Note –

    Separate each URL with a blank space where there is more than one URL.


    • To specify URLs not to be used:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL "LIST_OF_URLS"

    • To add to the existing list of URLs:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL -A "LIST_OF_URLS"

    • To remove from the existing list of URLs:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL -E "LIST_OF_URLS"

    • To get the existing list of URLs:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Manage RuleSet to URI Mapping

Secure Remote Access supports Outlook Web Access (OWA) on Microsoft Exchange 2000 SP3 and Microsoft Exchange 2003 installations.

    To add a URI to the existing list:

    PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -A "URI|RULE_SET_NAME URI|RULE_SET_NAME"

    To remove a URI from the existing list:

    PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -E "URI|RULE_SET_NAME URI|RULE_SET_NAME"

    To get the existing list:

    PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DomainsAndRulesets

    Type the following command and press Enter to manage RuleSet for Outlook Web Access.

    • To add a RuleSet:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -A "EXCHANGE2000_SERVER_NAME|exchange_2000sp3_owa_ruleset"

    • To remove a RuleSet:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -E "EXCHANGE2000_SERVER_NAME|exchange_2000sp3_owa_ruleset"

    • To set a list of URIs to RuleSet mappings:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DomainsAndRulesets "URI|RULE_SET_NAME URI|RULE_SET_NAME"

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Specify the Default Domain

The default domains are useful when URLs contain only the host names without the domain and subdomain. In this case, the Gateway assumes that the host names are in the default domain list, and proceeds accordingly.

For example, if the host name in the URL is host1, and the default domain and subdomain are specified as red.sesta.com, the host name is resolved as host1.red.sesta.com.

    Type the following command and press Enter to specify the default domains.

    • To set default domain:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DefaultDomainsAndSubdomains "DOMAIN_NAME"

    • To get the default domain:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DefaultDomainsAndSubdomains
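The following is an added example, not code from the manual or from Portal Server, showing how the two settings above interact: a bare host name is qualified with the default domain, and the qualified URL is then compared against the DontUseWebProxyURL list to decide whether the Gateway connects directly. The matching rule (scheme, host and port must be equal, path is a prefix match) and the sample values are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample attribute values (placeholders, not from the manual).
DEFAULT_DOMAINS = "red.sesta.com".split()                 # DefaultDomainsAndSubdomains
DONT_USE_WEBPROXY_URLS = (                                # DontUseWebProxyURL, blank-separated
    "http://host1.red.sesta.com https://payroll.red.sesta.com"
).split()


def qualify_host(url, default_domains):
    """Append the first default domain when the host has no domain part.

    Mirrors the manual's example: host1 -> host1.red.sesta.com.
    A host that already contains a dot is left untouched.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if "." in host or not default_domains:
        return url
    netloc = f"{host}.{default_domains[0]}"
    if parts.port:
        netloc = f"{netloc}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def connects_directly(url, dont_use_webproxy_urls, default_domains):
    """True when the Gateway should bypass the web proxy for this URL.

    Assumed rule (the manual does not spell one out): an entry matches when
    scheme, host and port are equal (case-insensitively for scheme and host)
    and the entry's path is a prefix of the target path.
    """
    t = urlsplit(qualify_host(url, default_domains))
    for entry in dont_use_webproxy_urls:
        e = urlsplit(entry)
        if (
            t.scheme.lower() == e.scheme.lower()
            and (t.hostname or "").lower() == (e.hostname or "").lower()
            and t.port == e.port
            and t.path.startswith(e.path)
        ):
            return True
    return False
```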

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Manage MIME Guessing

Rewriter depends on the MIME type of the page to choose the parser. Some web servers such as WebLogic and Oracle do not send MIME types. To work around this, you can enable the MIME guessing feature by adding data to the Map Parser to URIs list box.

    Type the following command and press Enter to manage MIME guessing.

    • To enable MIME guessing:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableMIMEGuessing true

    • To disable MIME guessing:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableMIMEGuessing false

    • To get value:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableMIMEGuessing

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Create a List of URI Mappings to Parse

If the MIME Guessing checkbox is enabled and the server has not sent a MIME type, use this list box to map the parser to the URI.

Multiple URIs are separated by a semicolon.

For example, HTML=*.html; *.htm;*Servlet. This means that the HTML Rewriter is used to rewrite the content for any page with an html, htm, or Servlet extension.

    Type the following command and press Enter to create a list of URI mappings to parse.

    • To set a list of URI mappings to parse:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MIMEMap LIST

    • To add to the existing list:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MIMEMap -A LIST

    • To remove from the existing list:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MIMEMap -E LIST

    • To get the existing list:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MIMEMap
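An added example (not the product's code) of how the MIMEMap format described above and the EnableMIMEGuessing switch fit together: the entries are parsed into parser-to-glob lists, and a parser is chosen for a response only when the server sent no MIME type and guessing is on. The second MIMEMap entry, the content-type table and matching against the URI path are assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed MIMEMap entries in the manual's PARSER=pattern;pattern form.
# The first is the manual's own example; the JAVASCRIPT entry is made up.
MIME_MAP_ENTRIES = ["HTML=*.html; *.htm;*Servlet", "JAVASCRIPT=*.js"]

# Assumed mapping from a server-supplied media type to a Rewriter parser.
CONTENT_TYPE_PARSERS = {
    "text/html": "HTML",
    "text/javascript": "JAVASCRIPT",
    "application/x-javascript": "JAVASCRIPT",
    "text/css": "CSS",
}


def parse_mime_map(entries):
    """Turn MIMEMap entries into {parser: [glob, ...]}.

    Patterns are separated by semicolons; surrounding blanks are ignored,
    as in 'HTML=*.html; *.htm;*Servlet'.
    """
    mapping = {}
    for entry in entries:
        parser, _, patterns = entry.partition("=")
        globs = [p.strip() for p in patterns.split(";") if p.strip()]
        if not parser.strip() or not globs:
            raise ValueError(f"malformed MIMEMap entry: {entry!r}")
        mapping.setdefault(parser.strip().upper(), []).extend(globs)
    return mapping


def choose_parser(uri, content_type, mime_map, guessing_enabled):
    """Pick the Rewriter parser for one response.

    A MIME type sent by the server always wins. The URI globs are consulted
    only when it is absent and EnableMIMEGuessing is true. None means no
    parser applies and the content passes through unrewritten.
    """
    if content_type:
        media = content_type.split(";")[0].strip().lower()
        return CONTENT_TYPE_PARSERS.get(media)
    if not guessing_enabled:
        return None
    path = urlsplit(uri).path          # assumption: globs match the path only
    for parser, globs in mime_map.items():
        if any(fnmatchcase(path, g) for g in globs):
            return parser
    return None
```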

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Manage Masking

Masking allows Rewriter to rewrite a URI so that the intranet URL of a page is not seen.

    Type the following command and press Enter to manage masking.

    • To enable masking:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableObfuscation true

    • To disable masking:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableObfuscation false

    • To get value:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableObfuscation

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Specify the Masking Seed String

A seed string is used for masking a URI. A masking algorithm generates the string.


Note –

Bookmarking a masked URI may not work if this seed string has been changed or if the Gateway has been restarted.


    Type the following command and press Enter to specify the masking seed string.

    • To set the masking seed string:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a ObfuscationSecretKey SECRET_KEY

    • To get the value:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a ObfuscationSecretKey

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Create a List of URIs Not to Mask

Some applications (such as an applet) require an Internet URI and cannot be masked. To specify those applications, add the URI to the list box.

For example, if you added */Applet/Param* to the list box, the URL would not be masked if the content URI http://abc.com/Applet/Param1.html is matched in the RuleSet rule.


Note –

Separate each URI with a blank space where there is more than one URI.


    Type the following command and press Enter to create a list of URIs not to mask.

    • To set a list of URIs not to mask:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList LIST_OF_URI

    • To add to the existing list:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList -A LIST_OF_URI

    • To remove from the existing list:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList -E LIST_OF_URI

    • To get the existing values:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference

ProcedureTo Make a Gateway Protocol the Same as the Original URI Protocol

When a Gateway runs in both HTTP and HTTPS mode, you can enable Rewriter to use a consistent protocol to access the referred resources in the HTML content.

For example, if the original URL is http://intranet.com/Public.html then the http Gateway is added. If the original URL is https://intranet.com/Public.html then the https Gateway is added.


Note –

This applies only to static URIs and not to dynamic URIs generated in JavaScript.


    Type the following command and press Enter to make a Gateway protocol the same as the original URI protocol.

    • To enable:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a UseConsistentProtocolForGateway true

    • To disable:

      PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a UseConsistentProtocolForGateway false

    • To get the value:

      PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a UseConsistentProtocolForGateway
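An added example, not code from the manual or from Portal Server, tying together the masking seed string, the list of URIs not to mask, and the consistent-protocol option above: the Gateway prefix follows the original URL's scheme, URIs matching a NotToObscureURIList pattern are left readable, and everything else is replaced by a token that only resolves under the seed it was minted with, which is why changing the seed or restarting breaks bookmarks. The HMAC-based token, the in-memory token table, the masked-URL layout and the gateway host and ports are stand-ins, not the product's actual algorithm.

```python
import hashlib
import hmac
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed Gateway settings (placeholders, not taken from the manual).
GATEWAY_HOST = "gateway.example.com"
GATEWAY_PORTS = {"http": 80, "https": 443}     # HTTP Port / HTTPS Port (Core tab)
NOT_TO_OBSCURE = "*/Applet/Param*".split()      # NotToObscureURIList, blank-separated


def gateway_prefix(original_url, use_consistent_protocol):
    """Gateway URL prepended to a resource URL. With
    UseConsistentProtocolForGateway on, the scheme follows the original URL;
    otherwise the HTTPS Gateway is used (assumed default)."""
    scheme = urlsplit(original_url).scheme.lower()
    if not use_consistent_protocol or scheme not in GATEWAY_PORTS:
        scheme = "https"
    return f"{scheme}://{GATEWAY_HOST}:{GATEWAY_PORTS[scheme]}"


class Masker:
    """Stand-in for SRA masking: the token is an HMAC of the URL keyed with the
    seed string (ObfuscationSecretKey) and the token -> URL table lives only in
    memory. Illustration of the behaviour, not the product's algorithm."""

    def __init__(self, seed, not_to_obscure=NOT_TO_OBSCURE):
        self.seed = seed.encode()
        self.not_to_obscure = list(not_to_obscure)
        self.table = {}

    def exempt(self, url):
        # Patterns such as */Applet/Param* are glob-matched against the full URI.
        return any(fnmatchcase(url, pat) for pat in self.not_to_obscure)

    def mask(self, url):
        token = hmac.new(self.seed, url.encode(), hashlib.sha256).hexdigest()[:24]
        self.table[token] = url
        return token

    def unmask(self, token):
        # None when the token was minted under another seed or before a restart.
        return self.table.get(token)

    def rewrite(self, url, use_consistent_protocol=True):
        prefix = gateway_prefix(url, use_consistent_protocol)
        tail = url if self.exempt(url) else self.mask(url)
        return f"{prefix}/{tail}"
```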

See also

psadmin set-attribute in Sun Java System Portal Server 7.2 Command-Line Reference and psadmin get-attribute in Sun Java System Portal Server 7.2 Command-Line Reference